There were 1,478 data breaches reported worldwide last year -- 35% more than in 2011, according to an Online Trust Alliance analysis.

But there's something of a bright side to these stats: Almost all the incidents could have been avoided by implementing such simple steps as following data security and privacy best practices and internal controls, according to the OTA.

"We are, more and more, becoming a data-driven economy," said OTA Executive Director and President Craig Spiezle. "As we think about the increase in data-location data and various data types, it creates a tremendous opportunity for business. But it also creates a tremendous opportunity for businesses to lose data that is extremely personal."

The increased use of mobile devices and accompanying bring-your-own-device programs also contribute to data security and privacy concerns. Mobile devices generate information that includes unique identifiers and location data, while users are mostly unaware of what data is being collected, how it is being used and who has access to it. As a result, data incidents and identity theft are increasingly occurring through accidental device loss and cybercrime.

"We're seeing a lot of issues that are caused by the low-hanging fruit, the simple things that just don't get done," said Aaron Weller, managing director of data protection and privacy practice at PricewaterhouseCoopers Inc., one of the sponsors of the OTA's town hall meetings. "You see people every day using unencrypted USB keys and losing thousands of records. It's not always the hard stuff that hurts you. Oftentimes, it's the simple stuff."

The benefits of data security and privacy

All companies, regardless of size or business sector, can benefit from implementing data privacy programs, a data protection strategy and data-loss incident readiness plans, according to the OTA. Some of the steps -- and their accompanying benefits -- include:

Depending on the type of data involved and the jurisdiction of state attorneys general, provide customers with a timely notification and offer consumers reasonable protective measures to help them protect themselves.

The OTA advises that broad sets of operational and technical best practices help protect a company and its customers' personal data. By developing a data lifecycle plan, organizations can respond with immediacy and consistency, Spiezle said. "It's important for businesses to take a data stewardship position on the data they collect, and to make sure they have plans in place," he said. "By adhering to best practices that are attempting to prevent, mediate and respond to threats, I think we all benefit."

The OTA suggests organizations thoroughly evaluate data from its acquisition through its use, storage and destruction. It's important to balance any data-related regulatory requirements with business needs and consumer expectations, according to the alliance.

Ignoring data security and privacy can be very costly to business: The average cost of a data breach to businesses is $5.5 million, according to the OTA report. Businesses often make data security and privacy more tenuous by rendering it strictly an IT problem, Spiezle said. "I think if we think of it as an IT issue, we set ourselves up for failure," he said. "When you think about data governance, data collection and data protection, it's really everyone's job within an organization."

Steps such as properly training employees on how to handle the data, and why some information requires more attention than other information, are simple, vendor-neutral processes that organizations can easily implement, Spiezle said. In 2012, 26% of reported breaches stemmed from internal employee misconduct or accidental disclosures -- and more are expected in 2013.

"That's where there is some opportunity for organizations to think about what the real risks are, and what controls should be put in place," PricewaterhouseCoopers' Weller said about employee-level data security and privacy controls. "It's not always about spending a lot of money to address some of these issues."
